Hackathon Track: Cybersecurity & AI-Powered Threat Detection
Repository: log-analyzer-attack-detection
Maintainer: @Rohit30Confluence
Project Start Date: October 25, 2025
This project implements a real-time log analysis and attack detection engine, designed to identify malicious activities such as SQL Injection, Cross-Site Scripting (XSS), and Brute-force attacks from application and server logs.
Built with FastAPI, Redis, and Docker, it is structured for scalable real-time deployment and analytics visualization.
- Defined project scope and architecture.
- Created initial repository structure on GitHub.
- Set up `.gitignore`, `requirements.txt`, and `Dockerfile`.
- Initialized FastAPI base with `/ping` and `/health` endpoints.
- Added log parser for Apache/Nginx-style access logs.
- Implemented signature-based detection:
  - SQL Injection pattern matching.
  - XSS payload detection.
  - Brute-force login attempt identification.
- Modularized detection logic in `main.py`.
- Integrated Redis queue (`logs_stream`) for asynchronous log ingestion.
- Added fallback inline analysis when Redis is not configured.
- Extended `/ingest` API to accept:
  - Raw text
  - File uploads
  - JSON payloads
- Created Dockerized backend under `/backend/Dockerfile`.
- Configured environment variables for:
  - `REDIS_URL`
  - `PORT`
- Deployed backend to Railway.app using GitHub Actions CI/CD.
- Backend container built successfully — application started via Uvicorn.
- Despite active deployment, Railway domain unreachable (`DNS_PROBE_FINISHED_NXDOMAIN`).
- Verified:
  - Healthy container logs (`Uvicorn running on 0.0.0.0:8000`)
  - No build/runtime errors
  - Port configuration (8000) correct
- Opened detailed GitHub Issue #21 documenting environment, logs, and suspected causes.
- Opened and merged feature pull requests:
- #1: Apache log parser module
- #2: Attack detection rule modules (SQLi, XSS, Brute Force)
- #3: Unit tests
- #4: Visualization logic for detected patterns
- #5: Adaptive anomaly detection engine
- #6: CLI interface for unified analysis
- Repository now supports both batch and real-time log analysis workflows.
- Preparing for live ingestion loop testing.
- Plan to move deployment from Railway to Render for a stable public endpoint.
- Beginning real-time log intelligence and visualization layer integration.
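As an added illustration of the access-log parser and signature-based detection listed above (example code, not the repository's own modules), the following parses Apache/Nginx combined-format lines, URL-decodes the request path before matching, and flags SQLi, XSS and brute-force login attempts. The log format, the signatures, the `/login` path and the failed-login threshold are assumptions, and the sample lines are constructed.

```python
"""Signature-based detection over Apache/Nginx combined-format access logs (added example)."""
import re
from collections import Counter
from urllib.parse import unquote_plus

# Leading fields of the "combined" format (assumed): ip, identd, user, time, request, status, bytes.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3}) \S+'
)
SIGNATURES = {  # illustrative signatures (assumption), kept narrow to limit false positives
    "sqli": re.compile(r"(?i)(\bunion\b[\s\S]*\bselect\b|'\s*or\s+'?\w+'?\s*=\s*'?\w+|--\s*$|;\s*drop\b)"),
    "xss": re.compile(r"(?i)(<script\b|javascript:|\bon(load|error|click|mouseover)\s*=)"),
}
LOGIN_PATH = "/login"          # assumed login endpoint
BRUTE_FORCE_THRESHOLD = 5      # failed logins from one IP before alerting

def parse_line(line):
    """Return the parsed fields of one access-log line, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["status"] = int(entry["status"])
    # Decode %27, %3C, '+' etc. so signatures see the text the application sees.
    entry["decoded_path"] = unquote_plus(entry["path"])
    return entry

def analyze(lines):
    """Return (client_ip, attack_type) findings in order of first detection."""
    findings = []
    failed_logins = Counter()
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue  # skip malformed lines rather than crash the ingest loop
        for name, signature in SIGNATURES.items():
            if signature.search(entry["decoded_path"]):
                findings.append((entry["ip"], name))
        if entry["path"].startswith(LOGIN_PATH) and entry["status"] in (401, 403):
            failed_logins[entry["ip"]] += 1
            if failed_logins[entry["ip"]] == BRUTE_FORCE_THRESHOLD:
                findings.append((entry["ip"], "brute_force"))  # alert once per IP
    return findings

# Constructed sample lines (not real traffic): SQLi, XSS, benign, then 5 failed logins.
SAMPLE_LOG = [
    '10.0.0.5 - - [25/Oct/2025:10:00:01 +0000] "GET /items?id=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 512',
    '10.0.0.6 - - [25/Oct/2025:10:00:02 +0000] "GET /search?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 128',
    '10.0.0.9 - - [25/Oct/2025:10:00:03 +0000] "GET /index.html HTTP/1.1" 200 1024',
] + ['10.0.0.7 - - [25/Oct/2025:10:00:%02d +0000] "POST /login HTTP/1.1" 401 64' % i for i in range(4, 9)]
```

Running `analyze(SAMPLE_LOG)` yields one finding per attacking IP; the benign request produces none, which is the false-positive check worth keeping as signatures grow.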
| Component | Status | Notes |
|---|---|---|
| FastAPI Backend | ✅ Functional | Core detection logic stable |
| Docker Deployment | ✅ Working | Container builds successfully |
| Railway Deployment | Active deployment, endpoint unreachable | |
| Redis Integration | ⚙️ Optional | Ready for activation |
| Frontend / Dashboard | 🧩 In Progress | Visualization PR pending |
| Real-Time Experiment | 🚧 Upcoming | Next implementation phase |
- Redeploy backend on Render / Fly.io to achieve public endpoint availability.
- Implement live ingestion loop to continuously process incoming logs.
- Integrate anomaly scoring module for adaptive risk detection.
- Build visualization dashboard for security insights in real-time.
- Conduct final test run & benchmarking before hackathon submission.
- GitHub: Rohit30Confluence/log-analyzer-attack-detection
- Active Issue: #21 – Deployment Active but Application Not Reachable
- Demo Deployment (pending): https://log-analyzer-attack-detection-production.up.railway.app
This repository evolved from a basic FastAPI app to a fully modular real-time log analysis framework ready for cloud-scale attack detection.
Ongoing improvements will complete the intelligence loop, providing autonomous pattern recognition and live monitoring capabilities.